How to Avoid Targeted Attacks

Last year's Duqu outbreak managed to infiltrate major industrial companies using targeted email messages that looked totally official, with plenty of real-world detail. How can you avoid being the next victim?

Last summer the Duqu worm, which shares code with the infamous Stuxnet, made big news by infiltrating and spying on a handful of industrial control systems manufacturers. According to Symantec, the delivery vector was a Word document sent via email. In each case one or more hapless employees opened the document and unleashed the worm. Were they fools? No, but they were fooled.

The typical worm or virus spreads opportunistically wherever and whenever it can. Duqu is very, very different. Its creators crafted a separate Word document for each target company, making it look as legitimate as possible. The email that delivered the poison document also used facts and information from within the company to make it look totally real and ordinary. Such targeted attacks are becoming more and more common. Unless you're careful, you could become the next victim.

Privacy Lost
Individuals can get hit by targeted attacks too. It seems that every week brings news of a new data breach that imperils private data. Anonymous hacked the Boston Police Department and released login usernames and passwords. Dating site PlentyOfFish lost members' private details to a data breach. An Australian hacker cracked the popular gay hookup app Grindr, putting personal data (including sexual orientation) at risk for hundreds of thousands.

Truly sensitive databases like those containing credit card numbers tend to have better protection, but personal information like your address, contacts, and even likes and dislikes is often exposed. Even with no data breach, your personal information isn't all that private. Sites like ZabaSearch and Spokeo can reveal your address, phone number, age, and more.

Armed with these details, a hacker can generate spurious email messages that look all too real. You wouldn't click a link in an email message from a stranger, but if the message seems to come from one of your friends and includes real-world information that (you think) only a friend would know, you may well lower your guard.

Get Help
You can and should do your best to recognize suspicious messages and avoid risky behavior. Don't click on links in email messages, don't believe a message is valid just because it includes personal information, look for the green tint in the Address bar that indicates the site is safe, and so on. But face it; the bad guys are pretty clever. At the industrial-espionage Duqu level they're really clever. They still might put one over on you, so you need to prepare against that possibility.

If the aim of the attack is to have you open a malware-infested document, once again a good security suite or antivirus can help. Many of them scan all email attachments; by the time you read the fake message your antivirus may have stripped off the malicious attachment.

Consider installing and using a password manager. Instead of clicking a link in a message supposedly from your bank, use the password manager to navigate and log in to the site. If you accidentally link to a fake site, the password manager won't insert your login credentials.
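The reason a password manager holds back on a fake site is that it compares the address of the page you are on with the address stored alongside the login. The sketch below is an added example, not code from any particular product: it assumes a simple exact-host rule over HTTPS, and the function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

def normalize_host(url):
    """Return the ASCII (punycode) hostname of an https URL, or None."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lowercased; userinfo ("name@") and port removed
    except ValueError:
        return None
    if parts.scheme != "https" or not host:
        return None
    try:
        # Look-alike Unicode letters encode to a different xn-- name.
        return host.rstrip(".").encode("idna").decode("ascii").lower()
    except UnicodeError:
        return None

def should_autofill(saved_url, current_url):
    """Fill credentials only when the page's host equals the saved host."""
    saved = normalize_host(saved_url)
    return saved is not None and saved == normalize_host(current_url)

# Constructed sample data: reserved .test/.example names, not real sites.
SAVED = "https://www.examplebank.test/login"
SAMPLES = {
    "genuine site, other page": "https://www.examplebank.test/accounts",
    "plain http": "http://www.examplebank.test/login",
    "bank name used as a subdomain": "https://www.examplebank.test.verify.example/login",
    "bank name before an @": "https://www.examplebank.test@verify.example/login",
    "digit 1 in place of l": "https://www.examp1ebank.test/login",
    "Cyrillic a in place of a": "https://www.ex\u0430mplebank.test/login",
}

def check_samples():
    """Map each sample label to whether credentials would be filled."""
    return {label: should_autofill(SAVED, url) for label, url in SAMPLES.items()}

if __name__ == "__main__":
    for label, filled in check_samples().items():
        print(f"{'fill' if filled else 'skip'}  {label}")
```

Only the first sample is filled; each of the others reads plausibly to a person skimming the address bar but fails the host comparison.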

Don't Be the Goat
These precautions will probably keep you safe from personal targeted attacks. If the attack is targeted at your business, though, someone will probably fall for it. By staying vigilant you can at least ensure that you won't be the one blamed when hackers take down the company network.

About the Author

Neil Rubenking served as vice president and president of the San Francisco PC User Group for three years when the IBM PC was brand new. He was present at the formation of the Association of Shareware Professionals, and served on its board of directors. In 1986, PC Magazine brought Neil on board to handle the torrent of Turbo Pascal tips submitted b...
